<?php

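session_start();

// Login handler: runs only for a POSTed form while nobody is logged in on this session.
// isset() keeps the first visit (no 'online_user' key yet) from raising an undefined-index notice.
$alreadyLoggedIn = isset($_SESSION['online_user']) && is_numeric($_SESSION['online_user']);
if ($_POST && !$alreadyLoggedIn) {
    $err = '';

    // Accept only scalar strings; array-shaped fields (uname[]=...) are treated as missing.
    $uname = (isset($_POST['uname']) && is_string($_POST['uname'])) ? trim($_POST['uname']) : '';
    $pword = (isset($_POST['pword']) && is_string($_POST['pword'])) ? $_POST['pword'] : '';
    $calc  = (isset($_POST['calc']) && is_string($_POST['calc'])) ? trim($_POST['calc']) : '';

    if ($uname === '') $err = '输入正确的用户名';
    if ($pword === '') $err = '输入正确的密码';

    // The previous loose `==` also succeeded when neither the session answer nor the posted
    // answer existed, so the check could pass without a challenge ever being issued.
    // Require both values and compare them as strings.
    $expected = isset($_SESSION['mathCaptcha-digit']) ? (string) $_SESSION['mathCaptcha-digit'] : null;

    // One challenge, one guess: drop the answer whatever the outcome so that mathCaptcha()
    // issues a fresh challenge instead of letting the same one be retried.
    unset($_SESSION['mathCaptcha-digit']);

    if ($expected !== null && $calc !== '' && $calc === $expected) {
        // Skip the database round trip when the form fields already failed validation.
        if ($err === '') {
            $row = false;

            // NOTE(review): database credentials are hard-coded in a web-served file. Move them
            // to configuration outside the document root and rotate the password.
            $con = mysql_connect("hdm-011.hichina.com","hdm0110501","f7t9c2s9b3");
            if ($con !== false && mysql_select_db("hdm0110501_db", $con)) {
                // mysql_set_charset() (rather than a raw SET NAMES query) tells the client
                // library the connection charset, which mysql_real_escape_string() relies on.
                mysql_set_charset('utf8', $con);

                // The user name is attacker-controlled and must be escaped before it is placed
                // in the statement. md5() output is hex only, so it needs no escaping.
                // NOTE(review): unsalted MD5 is not a password hash. Migrating to
                // password_hash()/password_verify() needs a schema change outside this file.
                $sql = 'SELECT id FROM home_user WHERE username="'
                    . mysql_real_escape_string($uname, $con)
                    . '" AND password="' . md5($pword) . '";';
                $result = mysql_query($sql, $con);
                if ($result !== false) {
                    $row = mysql_fetch_array($result, MYSQL_ASSOC);
                }
            }

            $_SESSION['online_user_array'] = $row;
            if ($row && $row['id']) {
                // Issue a new session id on privilege change so a pre-login id cannot be reused.
                session_regenerate_id(true);
                $_SESSION['online_user'] = $row['id'];
            } else {
                $err = '输入正确的用户名或密码';
            }

            if ($con !== false) {
                mysql_close($con);
            }
        }
        unset($_POST);
    } else {
        $err = '输入正确的验证码';
    }
}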
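/**
 * Print the login form together with an addition challenge.
 *
 * A new challenge (two operands in 1..9 and their sum) is stored in the session only when
 * no answer is currently stored; otherwise the operands already in the session are shown
 * again. The function echoes the markup and returns nothing.
 *
 * NOTE(review): a single-digit sum has very few possible answers, so this is only a light
 * deterrent against automated submissions. No rate limiting or lockout is visible in this
 * file, and the form carries no CSRF token.
 */
function mathCaptcha() {
    if (!isset($_SESSION['mathCaptcha-digit'])) {
        // Draw operands only when a challenge is actually created.
        $x = mt_rand(1, 9);
        $y = mt_rand(1, 9);
        $_SESSION['mathCaptcha-digit'] = $x + $y;
        $_SESSION['mathCaptcha-digit-x'] = $x;
        $_SESSION['mathCaptcha-digit-y'] = $y;
    }

    // The password field uses type="password" so the value is masked on screen and is not
    // offered back by the browser's form history like an ordinary text field.
    $math = '<form method="post" action="manager.php">
<label>* 用户名: </label>
<input name="uname" type="text" />
<br />
<label>* 密码: </label>
<input name="pword" type="password" />
<br /><label>* 验证码: </label>';
    $math .= $_SESSION['mathCaptcha-digit-x'].' + '.$_SESSION['mathCaptcha-digit-y'].' = ';
    $math .= '<input type="text" name="calc" />
<br />
<input type="submit"></form>';
    echo $math;
}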

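/**
 * Fetch one page (20 rows) of home_info, newest h_ctime first.
 *
 * Every row also carries the total row count of home_info in the `inCount` column.
 *
 * @param int|string $p 1-based page number. It is cast to an integer and clamped to at
 *                      least 1, so numeric strings such as "0", "-3" or "1e3" can no longer
 *                      produce a negative or non-integer LIMIT offset.
 * @return resource|false mysql result resource, or false when the connection, database
 *                        selection or query fails.
 */
function getInfo($p=1){
    $perPage = 20;
    $page = max(1, (int) $p);
    $offset = ($page - 1) * $perPage;

    // NOTE(review): database credentials are hard-coded in a web-served file. Move them to
    // configuration outside the document root and rotate the password.
    $con = mysql_connect("hdm-011.hichina.com","hdm0110501","f7t9c2s9b3");
    if ($con === false || !mysql_select_db("hdm0110501_db", $con)) {
        return false;
    }
    mysql_set_charset('utf8', $con);

    // Only integers computed above are concatenated into the statement.
    $sSql = 'SELECT *,(SELECT count(1) FROM home_info) as inCount FROM home_info ORDER BY `h_ctime` DESC LIMIT ' . $offset . ', ' . $perPage;
    return mysql_query($sSql, $con);
}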

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title> 
</head>

<body>
<?php 
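// Logged-in view: paginated listing of home_info. Anonymous view: login form.
if (isset($_SESSION['online_user']) && $_SESSION['online_user'] > 0) {
    echo '<a href="logout.php">登出</a>';

    // Normalise the page number here as well, so the query never receives a value below 1
    // or a non-integer string that merely passes is_numeric().
    $page = (isset($_GET['p']) && is_numeric($_GET['p'])) ? max(1, (int) $_GET['p']) : 1;
    $result = getInfo($page);

    echo '<table border="1"><tr><td>孩子名称</td><td>年龄</td><td>性别</td><td>电话</td><td>邮箱</td><td>城市</td><td>时间</td></tr>';
    $ifcount = 0;

    // These columns are presumably filled from a public submission form (verify against the
    // writer of home_info), so each value is HTML-escaped before it is rendered in this
    // authenticated page.
    $textColumns = array('h_name', 'h_age', 'h_sex', 'h_phone', 'h_email', 'h_city');

    // getInfo() returns false when the query fails; render an empty table in that case.
    if ($result !== false) {
        while ($r = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $ifcount = $r['inCount'];
            echo '<tr>';
            foreach ($textColumns as $column) {
                echo '<td>' . htmlspecialchars((string) $r[$column], ENT_QUOTES, 'UTF-8') . '</td>';
            }
            // h_ctime is passed to date() as a Unix timestamp; the cast keeps a non-numeric
            // value from reaching date().
            echo '<td>' . date('Y-m-d H:i:s', (int) $r['h_ctime']) . '</td></tr>';
        }
    }

    // Pager: one link per block of 20 rows.
    echo '<tr><td colspan="7">';
    for ($i = 1; $i < ($ifcount / 20 + 1); $i++) {
        echo '<a href="manager.php?p=' . $i . '">' . $i . '</a>&nbsp;&nbsp;';
    }
    echo '</td></tr></table>';
} else {
    // The `r` query parameter is request-controlled; escape it so it is shown as text
    // instead of being interpreted as markup. Non-string values (r[]=...) are ignored.
    if (isset($_GET['r']) && is_string($_GET['r'])) {
        echo htmlspecialchars($_GET['r'], ENT_QUOTES, 'UTF-8');
    }
    // mathCaptcha() echoes the form itself and returns nothing.
    mathCaptcha();
}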
?>
</body>
</html>